The DFIR Report (@TheDFIRReport )

The DFIR Report

Bio real intrusions by real attackers, the truth behind the intrusion
Tweets 22
Followers 502
Following 18
Account created 03-04-2020 01:33:43
ID 1245886895458078722

Twitter Web App : Another RDP brute force ransomware strikes again, this time, Snatch Team!

-Lateral movement via RDP
-C2 via Meterpreter/RDP Proxy via Tor
-Persistence via Scheduled Tasks
-Domain ransomed in less than 5 hours

#infosec #malware MISP…